Please submit only technical tips that will help other TidBITS readers better use their Macs, iPhones, iPads, and related software and hardware. All product announcements should be sent to releases@tidbits.com.

Tip title*

Your tip*

URL

Enter the URL to a Web page that supports your tip.

Linked text

Enter the name of the page linked above.

Your name*

Your email*

* indicates required fields

To help us avoid automated posts and spam, please enter the words below.

When you submit a tip, you give us permission to use it. Read our terms for more details. All submissions are reviewed before publication.

Our terms: By submitting a tip, you agree to assign TidBITS Publishing Inc., a non-exclusive, worldwide, perpetual license to reproduce, publish, and distribute your tip in connection with the TidBITS Web site and associated products in any media. You agree that you created the content you submitted, and that you have the right to assign us this license. You give us permission to use your name, but your email address won't be publicly displayed or shared. We review all submissions before publication, and reserve the right to select which submissions we feel are appropriate for our readers and to edit those we publish.

Our terms: We reserve the right to edit or delete any comment, so please post thoughtfully. We use your email address only to send you a one-time verification message confirming that you posted this comment. We also store your address to allow you to verify using other Web browsers in the future. For more info, see our privacy policy.

Keep Markup Tools Active in PDFpen

By default, PDFpen switches back to the Edit tool each time you add text, scribbles or other markup. To keep a tool selected (continuous use mode), double-click it. To exit continuous use mode, click the Select tool or press Command-1. You can also make continuous use mode the default by selecting Keep Tools Selected After Use in PDFpen's Editing preferences.

AirPort Updates Stop Wi-Fi Exploit

Apple last week released a pair of updates, Security Update 2006-005 and AirPort Update 2006-001, which resolve a trio of related potential exploits in which a local attacker could inject a maliciously crafted frame into a wireless network. In theory, such an attack could cause system crashes, execute arbitrary code, or elevate privileges, though Apple took pains to note that there are no known instances of these exploits. Although you can download the individual updates from the Apple Downloads page (only one is necessary), you must pick the correct one for your machine.

Although Apple's release notes are terse as usual, these updates undoubtedly come in response to the Wi-Fi exploit demonstrated by David Maynor and Jon Ellch at the Black Hat 2006 conference. Apple did not credit Maynor nor Ellch for these fixes, however, which is an implicit statement that Apple refuses to acknowledge that the two researchers contributed to uncovering the flaws. An Apple spokesperson denied that SecureWorks, the firm for which Maynor works, provided information that led to these patches. Rather, the spokesperson told several media outlets and TidBITS that news of the SecureWorks demonstration prompted Apple to conduct an in-depth code audit that led to identifying these vulnerabilities. (See "Wireless Driver Hack Could Target Macs and Windows," 07-Aug-06 and "Apple Issues Careful Wi-Fi Exploit Denial," 28-Aug-06.) SecureWorks has not responded to any media outlet with additional clarification at press time; the company is also in the middle of a merger, which could be why they're not commenting. What's most important is that Mac users who apply the patches are no longer vulnerable to these particular exploits.

Make friends and influence people by sponsoring TidBITS!Put your company and products in front of tens of thousands ofsavvy, committed Apple users who actually buy stuff.More information: <http://tidbits.com/advertising.html>